SSH, the Secure SHell, is a replacement for rsh and, in most cases, telnet. It provides a secure, encrypted connection, through which you can have normal, interactive logins, as well as do other useful things like forwarding X11 connections. It also comes with scp, a replacement for rcp.
This is intended as a guide to help people get started with SSH at Monash. Comments and queries should be directed to [email protected], or posted on the monash.decstations newsgroup.
For basic use, there's nothing to set up : you can just run it like rsh :
ssh aurora
Or, if you have a different username over yonder, you can do either one of :
ssh [email protected]
ssh otherhost.net -l username
or, to do something non-interactively :
ssh aurora 'ls -lt /usr/local/bin | head'
In both of these cases, you'll be asked for your password on aurora before it will run the command.
If you want to make sure your login session is secure, don't mix telnet/rsh and ssh! You have to use ssh everywhere; this includes from PCs, annexes, and so on. If you, say, telnet from your PC to aurora, and then ssh to silas, it's no more secure than telnetting straight to silas. Similarly, if you dial in to the annex or ascend terminal servers, and telnet from them, you're still leaving yourself open.
In answer to the next question you probably have after reading that, yes, there is a Windows version of SSH. Unfortunately, though, it's a commercial product, although you can get a demo that expires after a while. Since then, somebody's added SSH support to a free product called TeraTerm Pro.
At Monash, people are encouraged to run Netscape off the two main unix machines Silas and Aurora. In order to do this, one could do the following, from a shell prompt on your local DECstation :
ssh -n -f silas netscape
You'll be prompted for your password, and will then be returned to the shell prompt. A few seconds later, netscape should appear. What's different is that you didn't need to do anything about "xhost" or "xauth" - it will set up the correct xauth configuration such that nobody else can mess with your X display, and the X connection from silas to your DECstation is encrypted, the same as a normal "telnet-like" session. Also, if ssh needs to ask for your password, but isn't running on a terminal (e.g. your window manager runs it for you, off a menu), it will pop up a window asking you for your password.
As well as ssh, there's a companion program called scp that you can use to copy files between machines (like rcp) :
scp file.txt aurora:txt/guff/foo.txt
or, if your account name is different on the other machine :
scp file.txt blah@yoyo:txt/foo.txt
ssh-agent is an authentication agent - you run it when you first log in, and add your private RSA key, and from then on (if your other machines are set up with your public RSA key), you can securely log in to other machines without needing to type in a password. The basic steps to do this are as follows :
1. Run ssh-keygen (and read the manual page about it first!), and pick a good passphrase :
ssh-keygen
2. Your private key is in $HOME/.ssh/identity, and the public key (which you can give away access to) is in $HOME/.ssh/identity.pub - make sure permissions are set properly :
chmod 0700 $HOME/.ssh
chmod 0600 $HOME/.ssh/identity
3. Copy $HOME/.ssh/identity.pub to $HOME/.ssh/authorized_keys on every other machine you want to be able to ssh to (don't forget to chmod 0700 $HOME/.ssh too).
4. Add the following to your .xsession file (the "-s" is because my .xsession file is run with sh or ksh or bash or zsh. If you use tcsh or csh, you should put "-c" instead) :
eval `ssh-agent -s`
ssh-add
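
A way to check the permissions from the steps above on each machine, as an added example that is not part of the original guide. The function names and output labels are made up for this example; the paths are the ones the guide uses, and the authorized_keys check goes slightly beyond the guide's own chmod commands.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the permissions that
# the chmod commands in the steps above are meant to establish.

# check_private PATH: pass only if PATH exists and group/other have no access.
check_private() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 2
    fi
    # ls -ldL prints e.g. "drwx------"; characters 5-10 are group and other.
    bits=$(ls -ldL "$path" | cut -c5-10)
    if [ "$bits" = "------" ]; then
        echo "OK        $path"
        return 0
    fi
    echo "TOO OPEN  $path (group/other: $bits)"
    return 1
}

# check_not_writable PATH: pass if PATH is absent or not group/other-writable.
# Assumption beyond the guide: sshd's StrictModes rejects such a file.
check_not_writable() {
    path=$1
    [ -e "$path" ] || return 0
    case $(ls -ldL "$path" | cut -c1-10) in
        ?????w*|????????w*)
            echo "WRITABLE  $path (group or other can modify it)"
            return 1 ;;
    esac
    echo "OK        $path"
    return 0
}

# audit_ssh_dir [DIR]: return 0 only if every check passes.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    rc=0
    check_private "$dir" || rc=1
    check_private "$dir/identity" || rc=1
    check_not_writable "$dir/authorized_keys" || rc=1
    return $rc
}

# Run only when a directory is given, e.g.: sh audit.sh "$HOME/.ssh"
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```
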
man ssh
man ssh-agent